Firewall Wizards mailing list archives
Allowing relay through Watchguard Firebox 1000
From: "Bob Alberti" <alberti () sanction net>
Date: Sat, 21 Feb 2004 12:49:16 -0600
I have a client running a Watchguard Firebox 1000 (Linux Boot 6.0.B1140, Policy Manager B2200). They have recently started deploying e-mail enabled cell phones. Cell phone users can reply to messages from other employees, but cannot relay mail from their cell phones outside the domain (i.e. to customers), responding with the rather odd error "553 Requested action not taken: mailbox name not allowed or chunk too large".

That's actually fine -- normally they don't WANT relaying of course -- but I have been unsuccessful in my attempts to tell the firebox "It's okay to relay from this domain or this set of IP addresses." Part of the difficulty is that this is a production system, so my ability to experiment is limited -- my last test, carefully executed after hours, resulted in all inbound mail being cut off for a time.

I have already researched Google and Google Groups, checked the FW archives, and also called several times and attempted to get technical support from Watchguard (the last time they gave my cell number to a fellow in New Delhi who was supposed to call me back a week ago).

So at this point if anyone can help me with fairly precise instructions on where-to-set-what in the policy manager, I'd really appreciate it.

(I am also willing to replace the Watchguard SMTP proxy with non-stateful port-redirect to the mail server and let the mail server manage the whole relaying question. One problem that they are seeing is that attempted mail relays are being accepted by the mail server because they see the sender as being the firewall [i.e. "internal"]. The spam doesn't go out because the mail server rejects the outbound domain based on policy, but I'd rather the relaying not even get queued up in the first place... but one problem at a time here.)

Thanks in advance for any assistance.

Bob Alberti, CISSP
alberti () sanction net
http://www.sanction.net
Phone: (612) 486-5000 ext 211

P.S. Another worry I have -- as more companies modify their systems to allow employee cell phones to relay e-mail, how long til the spammers start spoofing cell phone IP addresses in order to relay their spam?